
Project On WAN Connectivity

Submitted by: Gunjan Mudgil (IT-8320)

Contents
1. Introduction
   Technology evolution
   What is WAN connectivity?
   Options available for WAN connectivity
      a. Leased line
      b. Circuit switching
      c. Packet switching
2. WAN devices
   Routers
   Modems
   WAN switches
   Access server
   LAN devices
      a. Hub
      b. Bridge
3. Different technologies in WAN
   Frame relay technology
   ATM technology
   IP technology
   MPLS technology
4. Technology comparison
   MPLS versus IP
   MPLS versus Frame relay
   MPLS versus ATM
5. Traditional IP VPN versus MPLS VPN
   IP VPN v/s MPLS VPN
6. Advantages and disadvantages of MPLS IP VPN
7. Security over WAN connectivity
   Internet protocol security (IPsec)
   Technical details
      a. Authentication header (AH)
      b. Encapsulating security payload (ESP)
8. Upcoming technologies
   IPv6: features and differences from IPv4
9. Future expectations
10. References
11. Glossary

Introduction
1.1 Technology evolution
Today businesses demand global connectivity between their different business entities to meet ever-increasing communication needs. Companies must be able to connect efficiently and cost-effectively with geographically dispersed employees for application integration and information sharing. Large multinationals, and even smaller companies, usually have PoPs (points of presence) at various locations throughout the country, and in such circumstances one of the major issues is how to bring them together so that employees working at different locations can exchange information easily, cost-effectively and reliably. Long before the advent of Wide Area Network technology, people working at different locations had no medium through which they could actually communicate with each other. Even when they had to exchange information, they had to do so either by meeting somewhere or by sending mail over the internet, which is a less reliable way of sending information; in doing so the information also becomes exposed to hackers, who could easily misuse it. Therefore, with WAN technology people now have a decent way of exchanging information.

1.2 What is WAN connectivity?


A Wide Area Network (WAN) is a computer network that covers a broad area (i.e., any network whose communications links cross metropolitan, regional, or national boundaries) or, less formally, a network that uses routers and public communications links. Contrast this with personal area networks (PANs), local area networks (LANs), campus area networks (CANs) and metropolitan area networks (MANs), which are usually limited to a room, building, campus or specific metropolitan area (e.g., a city) respectively. The largest and most well-known example of a WAN is the Internet.

WANs are used to connect LANs and other types of networks together, so that users and computers in one location can communicate with users and computers in other locations. Many WANs are built for one particular organization and are private. Others, built by Internet service providers, provide connections from an organization's LAN to the Internet. WANs are often built using leased lines. At each end of the leased line, a router connects to the LAN on one side and to a hub within the WAN on the other. Leased lines can be very expensive. Instead of using leased lines, WANs can also be built using less costly circuit switching or packet switching methods. Network protocols including TCP/IP deliver transport and addressing functions. Protocols including Packet over SONET/SDH, MPLS, ATM and Frame relay are often used by service providers to deliver the links that are used in WANs.

1.3 Several options are available for WAN connectivity:
Option: Leased line
  Description: Point-to-point connection between two offices. The link gets terminated on the routers at each premises, which in turn are connected to the LAN.
  Advantages: Most secure.
  Disadvantages: Expensive (for multiple locations, PTP circuits require a huge investment in hardware).
  Sample protocols used: PPP, HDLC, SDLC, HNAS
  Bandwidth range: 64 Kbps up to STM-1

Option: Circuit switching
  Description: A dedicated circuit path is created between end points. The best example is dial-up connections.
  Advantages: Less expensive.
  Disadvantages: Call setup.
  Sample protocols used: PPP, ISDN
  Bandwidth range: 28 Kb/s to 144 Kb/s

Option: Packet switching
  Description: Devices transport packets via a shared single point-to-point or point-to-multipoint link across a carrier internetwork. Variable-length packets are transmitted over Permanent Virtual Circuits (PVC) or Switched Virtual Circuits (SVC).
  Advantages: Shared media across the link.
  Sample protocols used: X.25, Frame Relay

Option: Cell relay
  Description: Similar to packet switching, but uses fixed-length cells instead of variable-length packets. Data is divided into fixed-length cells and then transported across virtual circuits.
  Advantages: Best for simultaneous use of voice and data.
  Disadvantages: Overhead can be considerable.
  Sample protocols used: ATM

Transmission rates usually range from 1200 bits/second to 6 Mbit/s, although some connections such as ATM and leased lines can reach speeds greater than 155.5 Mbit/s. Typical communication links used in WANs fall primarily into two types, terrestrial and wireless:

Terrestrial: telephone lines, leased lines
Wireless: microwave links, satellite channels

Recently, with the proliferation of low-cost Internet connectivity, many companies and organizations have turned to VPNs to interconnect their networks, creating a WAN in that way. Companies such as Cisco, Juniper, Nortel, Huawei, ZTE, New Edge Networks and Check Point offer devices and network elements which become part of complex network solutions that can be designed or offered to various corporate companies for their inter-office connectivity. Today, companies belonging to different market segments, such as:

Media & Services: Hindustan Times, Times Now, CNBC, ESPN, Jet Airways, etc.
IT & IT Telecom: Polaris, Infosys, Oracle, HCL, IBM, HP Invent, etc.
BFSI: HDFC Bank, HSBC, ABN-AMRO, Morgan Stanley, etc.
M&D: Pepsi, Nestle, Samsung, Ranbaxy, Philips, etc.
Government: Airport Authority of India, Indian Army, Department of Income Tax, etc.
ISP & carrier: Primus, Hathway, Equant, MCI, etc.

are looking for solutions that will enable them to interconnect a large number of their branch offices across the country or continent. Today VPN-based connectivity offers a more cost-effective and flexible solution to all such companies.

a. Point-to-Point Links
A point-to-point link provides a single, pre-established WAN communications path from the customer premises through a carrier network, such as a telephone company, to a remote network. Point-to-point lines are usually leased from a carrier and thus are often called leased lines. For a point-to-point line, the carrier allocates pairs of wire and facility hardware to your line only. These circuits are generally priced based on bandwidth required and distance between the two connected points. Point-to-point links are generally more expensive than shared services such as Frame Relay. Figure illustrates a typical point-to-point link through a WAN.

Figure: A Typical Point-to-Point Link Operates Through a WAN to a Remote Network

NLD(National Long Distance) Leased Circuit


NLD Leased Circuit is an ideal solution for connectivity that is time or content sensitive, as well as for establishing an integrated network to handle a variety of functions within an organization's wide area network. It mostly comes into use for mission-critical applications, where the scope for error and delay in data transfer is extremely critical. NLD Leased Circuit offers highly available, reliable and secure connectivity to enterprises with large communication requirements. NLD Leased Circuit is delivered to customers on the provider's seamless NLD network, such as Airtel's seamless network with pan-India coverage. NLD Leased Circuits are available with bandwidth options of E1, NxE1, DS3, STM-1, STM-4 and higher, to cater to varied customer requirements.

b. Circuit Switching
Switched circuits allow data connections that can be initiated when needed and terminated when communication is complete. This works much like a normal telephone line works for voice communication. Integrated Services Digital Network (ISDN) is a good example of circuit switching. When a router has data for a remote site, the switched circuit is initiated with the circuit number of the remote network. In the case of ISDN circuits, the device actually places a call to the telephone number of the remote ISDN circuit. When the two networks are connected and authenticated, they can transfer data. When the data transmission is complete, the call can be terminated. Figure illustrates an example of this type of circuit.

Figure: A Circuit-Switched WAN Undergoes a Process Similar to That Used for a Telephone Call

c. Packet Switching
Packet switching is a WAN technology in which users share common carrier resources. Because this allows the carrier to make more efficient use of its infrastructure, the cost to the customer is generally much better than with point-to-point lines. In a packet switching setup, networks have connections into the carrier's network, and many customers share the carrier's network. The carrier can then create virtual circuits between customers' sites by which packets of data are delivered from one to the other through the network. The section of the carrier's network that is shared is often referred to as a cloud. Some examples of packet-switching networks include Asynchronous Transfer Mode (ATM), Frame Relay, Switched Multimegabit Data Services (SMDS), and X.25. Figure shows an example packet-switched circuit. The virtual connections between customer sites are often referred to as virtual circuits.

Figure: Packet Switching Transfers Packets across a Carrier Network

2. Network Devices
WAN Devices: WANs use numerous types of devices that are specific to WAN environments. WAN switches, access servers, modems, CSU/DSUs, and hubs are discussed in the following sections. Other devices found in WAN environments that are used in WAN implementations include routers, ATM switches, and multiplexers.

2.1 Router
A router is a computer whose software and hardware are usually tailored to the tasks of routing and forwarding information. Routers generally contain a specialized operating system, RAM, NVRAM, flash memory, and one or more processors. Routers connect two or more logical subnets, which do not necessarily map one-to-one to the physical interfaces of the router. Routers operate in two different planes:

1. Control plane, in which the router learns the outgoing interface that is most appropriate for forwarding specific packets to specific destinations.
2. Forwarding plane, which is responsible for the actual process of sending a packet received on a logical interface to an outbound logical interface.

Cisco 1800 Router

2.2 Modem
A modem is a device that interprets digital and analog signals, enabling data to be transmitted over voice-grade telephone lines. At the source, digital signals are converted to a form suitable for transmission over analog communication facilities. At the destination, these analog signals are returned to their digital form. Figure illustrates a simple modem-to-modem connection through a WAN.

Figure: A Modem Connection through a WAN Handles Analog and Digital Signals

Motorola Surfboard cable modem, model SB4100

2.3 WAN Switch


A network switch is a computer networking device that connects network segments. As with hubs, Ethernet implementations of network switches support either 10/100 Mbit/s or 10/100/1000 Mbit/s ports according to the Ethernet standards. Large switches may have 10 Gbit/s ports. Switches differ from hubs in that they can have ports of different speeds.

Typical SOHO network switch.

There are two types of switches, based on the layer that they work on:

1. Layer-2 Switches: A Layer 2 switch is a local area network switch that forwards traffic based on MAC layer (Ethernet or Token Ring) addresses.

2. Layer-3 Switches: A Layer 3 switch is a network device that forwards traffic based on layer 3 information at very high speeds. A Layer 3 switch uses the same routing algorithms as traditional routers do. However, a Layer 3 switch performs its operations using application-specific integrated circuit (ASIC) hardware, while a router does it using software in a microprocessor. A Layer 3 switch goes beyond Layer 2 MAC addressing and routing: it looks at the incoming packet's networking protocol.

Switches can also sometimes be classified as:
1. Managed switches
2. Unmanaged switches

Figure: Two Routers at Remote Ends of a WAN Can Be Connected by WAN Switches

2.4 Access Server
An access server acts as a concentration point for dial-in and dial-out connections. Figure illustrates an access server concentrating dial-out connections into a WAN.

Figure: An Access Server Concentrates Dial-Out Connections into a WAN

2.5 LAN Devices

a. Hub


A common connection point for devices in a network. Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports. When a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets. A passive hub serves simply as a conduit for the data, enabling it to go from one device (or segment) to another. So-called intelligent hubs include an additional feature that enables an administrator to monitor the traffic passing through the hub and to configure each port in the hub. Intelligent hubs are also called manageable hubs.

A third type of hub, called a switching hub, actually reads the destination address of each packet and then forwards the packet to the correct port.

b. Bridge
Network bridge connects multiple network segments at the data link layer (layer 2) of the OSI model, and the term layer 2 switch is often used interchangeably with bridge. Bridges are similar to repeaters or network hubs, devices that connect network segments at the physical layer, however a bridge works by using bridging where traffic from one network is managed rather than simply rebroadcast to adjacent network segments. A bridge device filters data traffic at a network boundary. Bridges reduce the amount of traffic on a LAN by dividing it into two segments.

3. Different technologies proposed for connecting different sites in a WAN:
3.1 Frame relay technology
3.2 ATM technology
3.3 IP technology
3.4 MPLS technology

Of all the above technologies, MPLS (Multi-Protocol Label Switching) is the most important one, and over the last one and a half years it has really gained popularity. Today it has emerged as the most scalable VPN implementation in the IP and data communication world. So we will give a brief introduction to the first three, but the main stress will be on MPLS technology, later comparing it with the remaining ones.

Evolution of above technologies(evolution of MPLS)


Today there are various technologies for connecting sites in a WAN, but their evolution started with the advent of Frame relay and ATM technology. These two still form the basis of various technologies present today, including MPLS. They are still used in some places, but they have various disadvantages:
1. Complex design
2. Less availability
3. More equipment required, which leads to increased cost
4. Out-of-band control
5. No services such as cable modem, DSL, etc. were provided

All these disadvantages led to the development of IP technology, which is still being used today in many parts of the world and was the main contributor to the development of MPLS technology. MPLS cannot be compared to IP as a separate entity because it works in conjunction with IP and IP's IGP routing protocols. But even with IP technology there were still some problems that had to be taken care of:
1. Less control over the traffic
2. Each packet of data had to be assigned an IP address, which required more equipment, thus increasing the cost
3. The initial cost of setting up a network with this technology was quite high.
4. Services such as DSL, cable modem etc. were provided, but advanced services such as Voice over IP (VoIP) were not included.

So there was a need for a technology that was simple to implement but at the same time had the features whose absence had caused the technologies before it to collapse. All this led to the advent of MPLS technology. MPLS was originally proposed by a group of engineers from Ipsilon Networks, but their "IP Switching" technology, which was defined only to work over ATM, did not achieve market dominance. Cisco Systems, Inc. introduced a related proposal, not restricted to ATM transmission, called "Tag Switching" when it was a Cisco proprietary proposal, and it was renamed "Label Switching" when it was handed over to the IETF for open standardization. The IETF work involved proposals from other vendors, and development of a consensus protocol that combined features from several vendors' work.

One original motivation was to allow the creation of simple high-speed switches, since for a significant length of time it was impossible to forward IP packets entirely in hardware. However, advances in VLSI have made such devices possible. Therefore the advantages of MPLS primarily revolve around the ability to support multiple service models and perform traffic management. MPLS also offers a robust recovery framework that goes beyond the simple protection rings of synchronous optical networking (SONET/SDH). While the traffic management benefits of migrating to MPLS are quite valuable (better reliability, increased performance), there is a significant loss of visibility and access into the MPLS cloud for IT departments.

3.1 Frame relay technology

In the context of computer networking, frame relay consists of an efficient data transmission technique used to send digital information quickly and cheaply. It is a message forwarding "relay race" like system in which data packets, called frames, are passed from one or many start-points to one or many destinations via a series of intermediate node points. Network providers commonly implement frame relay for voice and data as an encapsulation technique, used between local area networks (LANs) over a wide area network (WAN). Each end-user gets a private line (or leased line) to a frame-relay node. The frame-relay network handles the transmission over a frequently-changing path transparent to all end-users. With the advent of MPLS, VPN and dedicated broadband services such as cable modem and DSL, the end may loom for the frame relay protocol and encapsulation. However, many rural areas still lack DSL and cable modem services. In such cases the least expensive type of "always-on" connection remains a 64-kilobit frame-relay line. Thus a retail chain, for instance, may use frame relay for connecting rural stores into its corporate WAN.

3.2 ATM technology

Asynchronous Transfer Mode (ATM) is a cell relay, packet switching network and data link layer protocol which encodes data traffic into small (53 octets; 48 octets of data and 5 octets of header information) fixed-sized cells. ATM provides data link layer services that run over Layer 1 links. This differs from other technologies based on packet-switched networks (such as the Internet Protocol or Ethernet), in which variable sized packets (known as frames when referencing Layer 2) are used. ATM is a connection-oriented technology, in which a logical connection is established between the two endpoints before the actual data exchange begins. The standards for ATM were first developed in the mid 1980s. The goal was to design a single networking strategy that could transport real-time video and audio as well as image files, text and email. Two groups, the International Telecommunication Union and the ATM Forum, were involved in the creation of the standards. ATM has been used primarily with telephone and IP networks.

3.3 IP technology
The Internet Protocol (IP) is a protocol used for communicating data across a packet-switched internetwork using the TCP/IP suite of protocols. IP is the primary protocol in the Internet Layer of the Internet protocol suite and has the task of delivering datagrams (packets) from the source host to the destination host solely based on the destination host's address. For this purpose the Internet Protocol defines addressing methods and structures for datagram encapsulation. The first major version of the addressing structure, now referred to as Internet Protocol Version 4 (IPv4), is still the dominant protocol of the Internet, although the successor, Internet Protocol Version 6 (IPv6), is actively deployed world-wide.

Packetization
Data from an upper layer protocol is encapsulated inside one or more packets/datagrams (the terms are basically synonymous in IP). No circuit setup is needed before a host tries to send packets to a host it has previously not communicated with (this is the point of a packet-switched network), thus IP is a connectionless protocol. This is quite unlike Public Switched Telephone Networks that require the setup of a circuit before a phone call may go through (a connection-oriented protocol).

3.4 MPLS technology


In computer networking and telecommunications, Multi Protocol Label Switching (MPLS) is a data-carrying mechanism that belongs to the family of packet-switched networks. MPLS operates at an OSI Model layer that is generally considered to lie between traditional definitions of Layer 2 (Data Link Layer) and Layer 3 (Network Layer).

It was designed to provide a unified data-carrying service for both circuit-based clients and packet-switching clients which provide a datagram service model. It can be used to carry many different kinds of traffic, including IP packets, as well as native ATM, SONET, and Ethernet frames. A number of different technologies were previously deployed with essentially identical goals, such as frame relay and ATM. MPLS is now replacing these technologies in the marketplace, mostly because it is better aligned with current and future technology needs. In particular, MPLS dispenses with the cell-switching and signaling-protocol baggage of ATM. MPLS recognizes that small ATM cells are not needed in the core of modern networks, since modern optical networks (as of 2008) are so fast (at 40 Gbit/s and beyond) that even full-length 1500 byte packets do not incur significant real-time queuing delays (the need to reduce such delays, e.g. to support voice traffic, was the motivation for the cell nature of ATM). At the same time, MPLS attempts to preserve the traffic engineering and out-of-band control that made frame relay and ATM attractive for deploying large-scale networks. There are two types of architecture that MPLS works on:

1. Mesh architecture: In this type of architecture all the users are connected to each other. Any of them can send or receive data to or from any other.

2. Hub and Spoke architecture: In this type of architecture all the users at different locations are connected through a common link. If a user has information to exchange with another user at a different location, this is done by first transferring the information to the common link and then forwarding it on to the specified user.

Working of MPLS
MPLS works by prefixing packets with an MPLS header, containing one or more 'labels'. This is called a label stack. Each label stack entry contains four fields:
1. A 20-bit label value.
2. A 3-bit field for QoS (Quality of Service) priority (experimental).
3. A 1-bit bottom-of-stack flag. If this is set, it signifies that the current label is the last in the stack.
4. An 8-bit TTL (time to live) field.

These MPLS-labeled packets are switched after a Label Lookup/Switch instead of a lookup into the IP table. As mentioned above, when MPLS was conceived, Label Lookup and Label Switching were faster than a RIB lookup because they could take place directly within the switched fabric and not the CPU. The entry and exit points of an MPLS network are called Label Edge Routers (LER), which, respectively, push an MPLS label onto the incoming packet and pop it off the outgoing packet. Routers that perform routing based only on the label are called Label Switch Routers (LSR). In some applications, the packet presented to the LER already may have a label, so that the new LSR pushes a second label onto the packet. For more information see Penultimate Hop Popping.

Labels are distributed between LERs and LSRs using the Label Distribution Protocol (LDP). Label Switch Routers in an MPLS network regularly exchange label and reachability information with each other using standardized procedures in order to build a complete picture of the network they can then use to forward packets. Label Switch Paths (LSPs) are established by the network operator for a variety of purposes, such as to create network-based IP Virtual Private Networks or to route traffic along specified paths through the network. In many respects, LSPs are no different than PVCs in ATM or Frame Relay networks, except that they are not dependent on a particular Layer 2 technology. In the specific context of an MPLS-based Virtual Private Network (VPN), LSRs that function as ingress and/or egress routers to the VPN are often called PE (Provider Edge) routers. Devices that function only as transit routers are similarly called P (Provider) routers. The job of a P router is significantly easier than that of a PE router, so they can be less complex and may be more dependable because of this. When an unlabeled packet enters the ingress router and needs to be passed on to an MPLS tunnel, the router first determines the forwarding equivalence class (FEC) the packet should be in, and then inserts one or more labels in the packet's newly-created MPLS header. The packet is then passed on to the next hop router for this tunnel.

When a labeled packet is received by an MPLS router, the topmost label is examined. Based on the contents of the label a swap, push (impose) or pop (dispose) operation can be performed on the packet's label stack. Routers can have prebuilt lookup tables that tell them which kind of operation to do based on the topmost label of the incoming packet so they can process the packet very quickly. In a swap operation the label is swapped with a new label, and the packet is forwarded along the path associated with the new label. In a push operation a new label is pushed on top of the existing label, effectively "encapsulating" the packet in another layer of MPLS. This allows hierarchical routing of MPLS packets. Notably, this is used by MPLS VPNs. In a pop operation the label is removed from the packet, which may reveal an inner label below. This process is called "decapsulation". If the popped label was the last on the label stack, the packet "leaves" the MPLS tunnel. This is usually done by the egress router, but see PHP below. During these operations, the contents of the packet below the MPLS Label stack are not examined. Indeed transit routers typically need only to examine the topmost label on the stack. The forwarding of the packet is done based on the contents of the labels, which allows "protocol-independent packet forwarding" that does not need to look at a protocol-dependent routing table and avoids the expensive IP longest prefix match at each hop. At the egress router, when the last label has been popped, only the payload remains. This can be an IP packet, or any of a number of other kinds of payload packet. The egress router must therefore have routing information for the packet's payload, since it must forward it without the help of label lookup tables. An MPLS transit router has no such requirement. In some special cases, the last label can also be popped off at the penultimate hop (the hop before the egress router). 
This is called Penultimate Hop Popping (PHP). This may be interesting in cases where the egress router has lots of packets leaving MPLS tunnels, and thus spends inordinate amounts of CPU time on this. By using PHP, transit routers connected directly to this egress router effectively offload it, by popping the last label themselves.
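The label stack layout listed under "Working of MPLS" and the swap/push/pop handling (including PHP) described above, worked through as an added example that is not part of the original report. The field widths are those of RFC 3032; the router names, label values and LFIB entries are constructed for illustration.

```python
"""MPLS label-stack handling: shim-header encode/decode plus swap/push/pop
forwarding with penultimate hop popping. Added example for this report; the
field layout is the one described in the text (RFC 3032), while router names,
label values and LFIB entries are constructed for illustration."""
import struct
from dataclasses import dataclass

LABEL_MAX = (1 << 20) - 1


@dataclass(frozen=True)
class LabelEntry:
    """One 32-bit label stack entry: 20-bit label | 3-bit EXP | 1-bit S | 8-bit TTL."""
    label: int
    exp: int = 0      # QoS / experimental bits (now called Traffic Class)
    ttl: int = 64

    def pack(self, bottom: bool) -> bytes:
        if not (0 <= self.label <= LABEL_MAX and 0 <= self.exp < 8 and 0 <= self.ttl < 256):
            raise ValueError("label stack field out of range")
        word = (self.label << 12) | (self.exp << 9) | (int(bottom) << 8) | self.ttl
        return struct.pack("!I", word)


def encode_stack(stack, payload):
    """Prefix the payload with the stack, top entry first; only the last entry has S=1."""
    return b"".join(e.pack(i == len(stack) - 1) for i, e in enumerate(stack)) + payload


def decode_stack(data):
    """Read entries until the bottom-of-stack bit is set; return (stack, payload)."""
    stack, off = [], 0
    while True:
        if len(data) - off < 4:
            raise ValueError("truncated label stack: no bottom-of-stack bit before end of data")
        (word,) = struct.unpack_from("!I", data, off)
        off += 4
        stack.append(LabelEntry(word >> 12, (word >> 9) & 0x7, word & 0xFF))
        if (word >> 8) & 1:
            return stack, data[off:]


class LabelSwitchRouter:
    """An LSR with a constructed LFIB: incoming label -> (operation, outgoing label, next hop)."""

    def __init__(self, name, lfib):
        self.name, self.lfib = name, lfib

    def forward(self, packet):
        """Act on the topmost label only; returns (next_hop, stack, payload), next_hop None = dropped."""
        stack, payload = decode_stack(packet)
        top = stack[0]
        if top.label not in self.lfib or top.ttl <= 1:
            return None, stack, payload          # unknown label or expired TTL: drop
        op, out_label, next_hop = self.lfib[top.label]
        ttl = top.ttl - 1
        if op == "swap":
            stack[0] = LabelEntry(out_label, top.exp, ttl)
        elif op == "push":                       # tunnel within a tunnel (e.g. VPN over an LSP)
            stack[0] = LabelEntry(top.label, top.exp, ttl)
            stack.insert(0, LabelEntry(out_label, top.exp, ttl))
        elif op == "pop":                        # egress, or penultimate hop popping (PHP)
            stack.pop(0)
            if stack:                            # carry the decremented TTL to the exposed label
                stack[0] = LabelEntry(stack[0].label, stack[0].exp, ttl)
        else:
            raise ValueError(f"unknown LFIB operation {op!r}")
        return next_hop, stack, payload          # the payload itself was never examined


def trace_lsp(routers, first_hop, stack, payload):
    """Follow a labelled packet until it is dropped or its stack is empty (leaves the tunnel)."""
    path, hop, packet = [], first_hop, encode_stack(stack, payload)
    while True:
        next_hop, stack, payload = routers[hop].forward(packet)
        path.append((hop, [e.label for e in stack]))   # labels after this router's operation
        if next_hop is None or not stack:
            return path, next_hop, payload
        hop, packet = next_hop, encode_stack(stack, payload)


# Constructed topology: the ingress PE pushes transport label 100 over VPN label 500;
# P1 swaps the transport label, P2 pops it (PHP) and PE2 pops the VPN label.
ROUTERS = {
    "P1": LabelSwitchRouter("P1", {100: ("swap", 200, "P2")}),
    "P2": LabelSwitchRouter("P2", {200: ("pop", None, "PE2")}),
    "PE2": LabelSwitchRouter("PE2", {500: ("pop", None, "CE2")}),
}


def vpn_example():
    """Trace an ingress stack of [100, 500] around a constructed payload."""
    return trace_lsp(ROUTERS, "P1", [LabelEntry(100, exp=5), LabelEntry(500)],
                     b"<constructed IP packet>")
```

Running `vpn_example()` returns the per-router stacks `[200, 500]`, `[500]` and `[]`, showing that P2 (the penultimate hop) already removes the transport label so PE2 only has to pop the VPN label and forward the bare IP payload.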

MPLS can make use of existing ATM network infrastructure, as its labeled flows can be mapped to ATM virtual circuit identifiers, and vice versa.

4. Technology comparisons

4.1 Comparison of MPLS versus IP


MPLS cannot be compared to IP as a separate entity because it works in conjunction with IP and IP's IGP routing protocols. MPLS gives IP networks simple traffic engineering, the ability to transport Layer 3 (IP) VPNs with overlapping address spaces, and support for Layer 2 pseudowires (with Any Transport over MPLS, or AToM; see the Martini draft). Routers with programmable CPUs and without TCAM/CAM or another method for fast lookups may also see a limited increase in performance. MPLS relies on IGP routing protocols to construct its label forwarding table, and the scope of any IGP is usually restricted to a single carrier for stability and policy reasons. As there is still no standard for carrier-to-carrier MPLS, it is not possible to have the same MPLS service (Layer 2 or Layer 3 VPN) covering more than one operator.

MPLS Traffic Engineering


MPLS Traffic Engineering provides benefits over a pure-IP network by allowing greater control over the spread of traffic in the network. The path of an LSP can either be (a) explicitly configured hop by hop, (b) dynamically routed by the Constrained Shortest Path First (CSPF) algorithm, or (c) configured as a loose route that avoids a particular IP or that is partly explicit and partly dynamic. In a pure IP network, the shortest path to a destination is chosen even when it becomes more congested. Meanwhile, in an IP network with MPLS Traffic Engineering CSPF routing, constraints such as the RSVP bandwidth of the traversed links can also be considered, such that the shortest path with available bandwidth will be chosen. MPLS Traffic Engineering relies upon the use of TE extensions to OSPF or IS-IS and RSVP. Besides the constraint of RSVP bandwidth, users can also define their own constraints by specifying link attributes and special requirements for tunnels to route (or not to route) over links with certain attributes.
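The difference between plain IGP shortest-path routing and CSPF described above, as an added example that is not from the report: the same Dijkstra run, once on the full topology and once after pruning links that cannot carry the requested RSVP bandwidth (or that a loose route must avoid). The topology, metrics and bandwidths are constructed.

```python
"""Constrained Shortest Path First (CSPF) next to plain IGP shortest path.
Added example for the MPLS Traffic Engineering section, not from the report;
the topology, IGP metrics and reservable bandwidths below are constructed."""
import heapq

# Constructed topology: (node, node, IGP metric, available RSVP bandwidth in Mbit/s).
# The A-B-D path is cheapest but thin; A-C-D costs more but has headroom.
LINKS = [
    ("A", "B", 10, 50),
    ("B", "D", 10, 50),
    ("A", "C", 15, 200),
    ("C", "D", 15, 200),
]


def build_graph(links, min_bandwidth=0, exclude=()):
    """Adjacency map; links below the bandwidth constraint or touching excluded nodes are pruned."""
    graph = {}
    for a, b, metric, bandwidth in links:
        if bandwidth < min_bandwidth or a in exclude or b in exclude:
            continue
        graph.setdefault(a, []).append((b, metric))
        graph.setdefault(b, []).append((a, metric))
    return graph


def shortest_path(graph, src, dst):
    """Dijkstra on the given graph; returns (cost, hops) or None when dst is unreachable."""
    heap, seen = [(0, src, [src])], set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if node in seen:
            continue
        seen.add(node)
        for nxt, metric in graph.get(node, []):
            if nxt not in seen:
                heapq.heappush(heap, (cost + metric, nxt, path + [nxt]))
    return None


def cspf(links, src, dst, bandwidth, exclude=()):
    """Prune links that cannot carry the request (or that the loose route must avoid), then run SPF."""
    return shortest_path(build_graph(links, bandwidth, exclude), src, dst)
```

With these numbers a plain SPF always picks A-B-D (cost 20), while a 100 Mbit/s tunnel request is routed by CSPF over A-C-D (cost 30) because the thin links are pruned before the path computation.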

4.2 Comparison of MPLS versus Frame Relay


Frame relay aimed to make more efficient use of existing physical resources, which allow for the underprovisioning of data services by telecommunications companies (telcos) to their customers, as clients were unlikely to be utilizing a data service 100 percent of the time. In more recent years, frame relay has acquired a bad reputation in some markets because of excessive bandwidth overbooking by these telcos. Telcos often sell frame relay to businesses looking for a cheaper alternative to dedicated lines; its use in different geographic areas depended greatly on governmental and telecommunication companies' policies. Some of the early companies to make frame relay products included StrataCom (later acquired by Cisco Systems) and Cascade Communications (later acquired by Ascend Communications and then by Lucent Technologies). AT&T is currently (as of June 2007) the largest frame relay service provider in the United States, with local networks in 22 states, plus national and international networks. This number is expected to change between 2007 and 2009 when most of these frame relay contracts expire. Many customers are likely to migrate from frame relay to MPLS over IP or Ethernet within the next two years, which in many cases will reduce costs and improve manageability and performance of their wide area networks.

4.3 Comparison of MPLS versus ATM


While the underlying protocols and technologies are different, both MPLS and ATM provide a connection-oriented service for transporting data across computer networks. In both technologies, connections are signaled between endpoints, connection state is maintained at each node in the path, and encapsulation techniques are used to carry data across the connection. Excluding differences in the signaling protocols (RSVP/LDP for MPLS and PNNI for ATM) there still remain significant differences in the behavior of the technologies.

The most significant difference is in the transport and encapsulation methods. MPLS is able to work with variable-length packets while ATM transports fixed-length (53 byte) cells. Packets must be segmented, transported and re-assembled over an ATM network using an adaptation layer, which adds significant complexity and overhead to the data stream. MPLS, on the other hand, simply adds a label to the head of each packet and transmits it on the network.

Differences exist, as well, in the nature of the connections. An MPLS connection (LSP) is uni-directional, allowing data to flow in only one direction between two endpoints. Establishing two-way communications between endpoints requires a pair of LSPs to be established. Because two LSPs are required for connectivity, data flowing in the forward direction may use a different path from data flowing in the reverse direction. ATM point-to-point connections (Virtual Circuits), on the other hand, are bi-directional, allowing data to flow in both directions over the same path (only SVC ATM connections are bi-directional; PVC ATM connections are uni-directional).

Both ATM and MPLS support tunnelling of connections inside connections. MPLS uses label stacking to accomplish this while ATM uses Virtual Paths. MPLS can stack multiple labels to form tunnels within tunnels. The ATM Virtual Path Indicator (VPI) and Virtual Circuit Indicator (VCI) are both carried together in the cell header, limiting ATM to a single level of tunnelling.

The biggest single advantage that MPLS has over ATM is that it was designed from the start to be complementary to IP. Modern routers are able to support both MPLS and IP natively across a common interface, allowing network operators great flexibility in network design and operation. ATM's incompatibilities with IP require complex adaptation, making it largely unsuitable in today's predominantly IP networks.

5. Traditional IP-VPN v/s MPLS-VPN

5.1 IP VPN v/s MPLS VPN:-

6. Advantages of MPLS IP VPN:-

Disadvantages of MPLS IP VPN:-
1. An additional layer is added.
2. A router has to understand MPLS.

7. Security over WAN connectivity (on the MPLS network)


Fully aware of the existing security issues of IP and of the requirement of customers today to have an entirely secure backbone over which their traffic transits, every organisation has taken the utmost care in ensuring the prevention of attacks and the isolation of VPNs within the MPLS network. For example, organisations such as AIRTEL have been providing one of the best as well as the most secure MPLS networks. Airtel's MPLS network was deployed jointly by the Cisco Advanced Services team and Wipro. The entire network's implementation, verification, and security is conducted and monitored regularly by the Cisco Advanced Services team. Packet forwarding within Airtel's MPLS network is based on labels, not on the customer's IP addresses. Hence there is no way that someone else can get the data intercepted. MPLS uses a simple indexing mechanism called a label. This label replaces traditional IP packet forwarding. The label describes how the packet should be handled within the network. One of the most important technologies related to security over WAN connectivity is IPsec, i.e. Internet Protocol Security.

7.1 Internet Protocol Security (IPsec)


Internet Protocol Security (IPsec) is a suite of protocols for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet in a data stream. IPsec also includes protocols for cryptographic key establishment.

Summary

IPsec protocols operate at the network layer, layer 3 of the OSI model. Other Internet security protocols in widespread use, such as SSL, TLS and SSH, operate from the transport layer up (OSI layers 4 - 7). This makes IPsec more flexible, as it can be used for protecting layer 4 protocols, including both TCP and UDP, the most commonly used transport layer protocols. IPsec has an advantage over SSL and other methods that operate at higher layers: an application doesn't need to be designed to use IPsec, whereas the ability to use SSL or another higher-layer protocol must be incorporated into the design of an application. IPSec is a framework of open standards that provides data confidentiality, data integrity, and data authentication between participating peers. IPSec provides these security services at the IP layer; it uses IKE to handle negotiation of protocols and algorithms based on local policy and to generate the encryption and authentication keys to be used by IPSec. IPSec can be used to protect one or more data flows between a pair of hosts, between a pair of security gateways, or between a security gateway and a host.

7.2 Technical details


Two protocols have been developed to provide packet-level security for both IPv4 and IPv6:
1. The IP Authentication Header (AH) provides integrity, authentication, and non-repudiation if the appropriate choice of cryptographic algorithms is made.
2. The IP Encapsulating Security Payload (ESP) provides confidentiality, along with optional (but strongly recommended) authentication and integrity protection.

a. Authentication header (AH)


The AH is intended to guarantee connectionless integrity and data origin authentication of IP datagrams. Further, it can optionally protect against replay attacks by using the sliding window technique and discarding old packets. AH protects the IP payload and all header fields of an IP datagram except for mutable fields, i.e. those that might be altered in transit. In IPv4, mutable (and therefore unauthenticated) IP header fields include TOS, Flags, Fragment Offset, TTL and Header Checksum. AH operates directly on top of IP, using IP protocol number 51. An AH packet diagram:

Bit 0 - 7      | Bit 8 - 15       | Bit 16 - 23 | Bit 24 - 31
Next header    | Payload length   | RESERVED
Security parameters index (SPI)
Sequence number
Authentication data (variable)

Field meanings:
Next header: Identifies the protocol of the transferred data.
Payload length: Size of the AH packet.
RESERVED: Reserved for future use (all zero until then).
Security parameters index (SPI): Identifies the security parameters which, in combination with the IP address, identify the security association implemented with this packet.
Sequence number: A monotonically increasing number, used to prevent replay attacks.
Authentication data: Contains the integrity check value (ICV) necessary to authenticate the packet; it may contain padding.
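As an added illustration, not part of the original report: a Python parser for the AH fields listed above, plus the sliding-window replay check that the sequence number makes possible. Field widths follow RFC 4302; the sample packet bytes are constructed here, and the 12-byte ICV length assumes HMAC-SHA1-96.

```python
import struct

AH_FIXED_LEN = 12  # Next Header, Payload Len, Reserved, SPI, Sequence Number


def parse_ah(packet: bytes) -> dict:
    """Split an AH packet into its fields plus the data that follows the header.
    Payload Length counts 32-bit words minus 2 (RFC 4302), so the full header
    including the authentication data is (payload_len + 2) * 4 bytes."""
    if len(packet) < AH_FIXED_LEN:
        raise ValueError("AH header needs at least 12 bytes")
    nh, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", packet[:12])
    header_len = (payload_len + 2) * 4
    if len(packet) < header_len:
        raise ValueError("truncated AH header")
    return {"next_header": nh, "spi": spi, "seq": seq,
            "icv": packet[AH_FIXED_LEN:header_len],  # ICV, possibly padded
            "payload": packet[header_len:]}


class ReplayWindow:
    """Sliding anti-replay window: a sequence number is accepted only if it is
    newer than everything seen so far, or inside the window and not yet seen."""

    def __init__(self, size: int = 64):
        self.size = size
        self.highest = 0  # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (highest - i) was seen

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:
            return False  # sequence numbers start at 1; 0 is never valid
        if seq > self.highest:  # new high-water mark: slide the window forward
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:  # older than the window: discard as stale
            return False
        if self.bitmap & (1 << offset):  # accepted once already: replay
            return False
        self.bitmap |= 1 << offset
        return True


# Constructed sample: Next Header 6 (TCP), Payload Len 4 (24-byte header with
# a 12-byte ICV as produced by HMAC-SHA1-96), SPI 0x1234, sequence number 1.
SAMPLE_AH = struct.pack("!BBHII", 6, 4, 0, 0x1234, 1) + b"\xaa" * 12 + b"hello"
```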

b. Encapsulating Security Payload (ESP)


The ESP protocol provides origin authenticity, integrity, and confidentiality protection of a packet. ESP also supports encryption-only and authentication-only configurations, but using encryption without authentication is strongly discouraged because it is insecure. Unlike AH, the IP packet header is not protected by ESP. (Although in tunnel mode ESP, protection is afforded to the whole inner IP packet, including the inner header; the outer header remains unprotected.) ESP operates directly on top of IP, using IP protocol number 50. An ESP packet diagram:

Bit 0 - 7 | Bit 8 - 15 | Bit 16 - 23 | Bit 24 - 31
Security parameters index (SPI)
Sequence number
Payload data (variable)
Padding (0 - 255 bytes)                | Pad length | Next header
Authentication data (variable)

Field meanings:
Security parameters index (SPI): Identifies the security parameters in combination with the IP address.
Sequence number: A monotonically increasing number, used to prevent replay attacks.
Payload data: The data to be transferred.
Padding: Used with some block ciphers to pad the data to the full length of a block.
Pad length: Size of padding in bytes.
Next header: Identifies the protocol of the transferred data.
Authentication data: Contains the data used to authenticate the packet.
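An added example, not from the original report: building and parsing the ESP layout above in Python, padding the payload to a 16-byte cipher block and computing a 96-bit HMAC-SHA1 ICV over the header and body. Encryption of the body is left out so that the trailer fields stay visible; the key, SPI and packet contents are constructed here.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA1-96: the 20-byte SHA-1 tag truncated to 96 bits


def build_esp(spi: int, seq: int, payload: bytes, next_header: int,
              auth_key: bytes, block_size: int = 16) -> bytes:
    """Lay out SPI | Seq | Payload | Padding | Pad Length | Next Header | ICV.
    Padding brings payload + the 2 trailer bytes up to a multiple of the
    cipher block size (16 for AES). Encryption of the body is not shown here;
    the ICV is computed over everything that precedes it, as in RFC 4303."""
    pad_len = (-(len(payload) + 2)) % block_size
    padding = bytes(range(1, pad_len + 1))  # default self-describing pad bytes 1,2,3,...
    body = payload + padding + bytes([pad_len, next_header])
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(auth_key, header + body, hashlib.sha1).digest()[:ICV_LEN]
    return header + body + icv


def parse_esp(packet: bytes, auth_key: bytes) -> dict:
    """Verify the ICV first, then strip the trailer to recover the payload."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("packet too short for an ESP header and trailer")
    header, body, icv = packet[:8], packet[8:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, header + body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):  # constant-time comparison
        raise ValueError("ICV mismatch: modified packet or wrong key")
    spi, seq = struct.unpack("!II", header)
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 2:
        raise ValueError("pad length exceeds body")
    payload = body[:len(body) - 2 - pad_len]
    return {"spi": spi, "seq": seq, "next_header": next_header, "payload": payload}


# Constructed sample key and packet (Next Header 17 = UDP, SPI 0x100, seq 7)
SAMPLE_KEY = b"\x0b" * 20
SAMPLE_ESP = build_esp(0x100, 7, b"hello world", 17, SAMPLE_KEY)
```

The parser checks the ICV before it trusts the pad length, which is the practical reason the text above discourages encryption without authentication.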

8. Upcoming technologies
It is assumed that the future WAN architecture will be driven by services, traffic volume, and technology trends.

8.1 IPv6
Internet Protocol version 6 (IPv6) is a network layer for packet-switched internetworks. It is designated as the successor of IPv4, the current version of the Internet Protocol, for general use on the Internet.

The main disadvantage of IPv4, which actually brought about the advent of IPv6, was address exhaustion.

IPv4 exhaustion
Estimates as to when the pool of available IPv4 addresses will be exhausted vary widely. In 2003, Paul Wilson (director of APNIC) stated that, based on then-current rates of deployment, the available space would last until 2023. In September 2005 a report by Cisco Systems, a network hardware manufacturer, stated that the pool of available addresses would be exhausted in as little as 4 to 5 years. As of November 2007, a daily updated report projected that the IANA pool of unallocated addresses would be exhausted in May 2010, with the various Regional Internet Registries using up their allocations from IANA in April 2011. At the point at which the RIR and IANA pools are exhausted, there would still be unused IPv4 addresses, but the existing mechanisms for allocating those addresses could no longer be applied, and it is at the moment unclear what those new mechanisms might be. Mechanisms that have been discussed for allocating IPv4 addresses beyond this point include the reclamation of unused address space, re-engineering hosts and routers to allow the use of areas of the IPv4 address space that are currently unusable for technical reasons, and the creation of a market in IPv4 addresses.

The main change brought by IPv6 is a much larger address space that allows greater flexibility in assigning addresses. The extended address length eliminates the need to use network address translation to avoid address exhaustion, and also simplifies aspects of address assignment and renumbering when changing providers.

8.2 Features and differences from IPv4:-
To a great extent, IPv6 is a conservative extension of IPv4. Most transport- and application-layer protocols need little or no change to work over IPv6; exceptions are application protocols that embed network-layer addresses (such as FTP or NTPv3).

Applications, however, usually need small changes in order to run over IPv6.

a. Larger address space
The main feature of IPv6 that is driving adoption today is the larger address space: addresses in IPv6 are 128 bits long versus 32 bits in IPv4. The larger address space avoids the potential exhaustion of the IPv4 address space without the need for network address translation (NAT) and other devices that break the end-to-end nature of Internet traffic. It also makes administration of medium and large networks simpler, by avoiding the need for complex subnetting schemes. Subnetting will, ideally, revert to its purpose of logical segmentation of an IP network for optimal routing and access.

b. Multicast
Multicast is part of the base specifications in IPv6, unlike IPv4, where it was introduced later. IPv6 does not have a link-local broadcast facility; the same effect can be achieved by multicasting to the all-hosts group (FF02::1). Most environments, however, do not currently have their network infrastructures configured to route multicast: multicast on a single subnet will work, but global multicast might not.

The drawback of the large address size is that IPv6 carries some bandwidth overhead over IPv4, which may hurt regions where bandwidth is limited (header compression can sometimes be used to alleviate this problem).

c. Link-local addresses
IPv6 interfaces have link-local addresses in addition to the global addresses that applications usually use. These link-local addresses are always present and never change, which simplifies the design of configuration and routing protocols.

Link-local addresses are often used for network address autoconfiguration where no external source of network addressing information is available.

d. Network-layer security
IPsec, the protocol for IP network-layer encryption and authentication, is an integral part of the base protocol suite in IPv6; this is unlike IPv4, where it is optional (but usually implemented). IPsec, however, is not widely used at present except for securing traffic between IPv6 Border Gateway Protocol routers.

e. Mobility
Unlike mobile IPv4, Mobile IPv6 (MIPv6) avoids triangular routing and is therefore as efficient as normal IPv6. This advantage is mostly hypothetical, as neither MIPv4 nor MIPv6 are widely deployed today.

f. Simpler processing by routers


IPv4 has a checksum field that covers the entire packet header. Since certain fields (such as the TTL field) change during forwarding, the checksum must be recomputed by every router. IPv6 has no error checking at the network layer but instead relies on link layer and transport protocols to perform error checking, which should make forwarding faster.
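To make that forwarding difference concrete, an added example (not from the original report) in Python: a 20-byte IPv4 header whose checksum must be recomputed after every TTL decrement, next to a 40-byte IPv6 header where a router only decrements Hop Limit. The addresses and field values are constructed sample data.

```python
import socket
import struct


def ipv4_checksum(header: bytes) -> int:
    """Internet checksum: one's-complement sum of the header's 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, ttl: int, proto: int = 6) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1234, 0x4000, ttl, proto,
                      0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def ipv4_header_valid(header: bytes) -> bool:
    # Checksumming a correct header together with its own checksum yields 0.
    return ipv4_checksum(header) == 0


def ipv4_forward_hop(header: bytes) -> bytes:
    """What every IPv4 router does: decrement TTL, then recompute the checksum,
    because the TTL byte is covered by it."""
    ttl = header[8]
    if ttl <= 1:
        raise ValueError("TTL expired, packet must be dropped")
    new = header[:8] + bytes([ttl - 1]) + header[9:10] + b"\x00\x00" + header[12:]
    return new[:10] + struct.pack("!H", ipv4_checksum(new)) + new[12:]


def build_ipv6_header(src: str, dst: str, hop_limit: int, next_header: int = 6) -> bytes:
    """Fixed 40-byte IPv6 header: it has no checksum field at all."""
    return struct.pack("!IHBB16s16s", 0x60000000, 0, next_header, hop_limit,
                       socket.inet_pton(socket.AF_INET6, src),
                       socket.inet_pton(socket.AF_INET6, dst))


def ipv6_forward_hop(header: bytes) -> bytes:
    """An IPv6 router only decrements Hop Limit; nothing needs recomputing."""
    hop = header[7]
    if hop <= 1:
        raise ValueError("Hop Limit expired, packet must be dropped")
    return header[:7] + bytes([hop - 1]) + header[8:]
```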

9. Future expectations
We are about to see a major investment in telecommunications, one that will substantially impact the lives of our children and their children for probably the better part of the next century. At the least, there will be a new access network that gives us multi-megabit per second communication from our homes to other people and to businesses across the nation. Impetus for this change can be seen in today's use of the Internet and on-line services. Web browsers bring interactive communication with computer graphics to millions of hitherto unsophisticated computer users. They promise on-line commerce, audio and video entertainment on demand, and a much improved quality of communication between ordinary people. For the moment, the Internet experience is severely compromised by the low speed of networks that reach into our homes. That will change as cable television providers, regional telephone companies and others compete to bring about a two or three order of magnitude increase in the speed of network access.

10. References

11. Glossary
1. Submarine Cable - A communication cable laid beneath the sea.
2. MPLS - Multi Protocol Label Switching (service by Bharti).
3. IPLC - International Private Leased Circuit.
4. Bandwidth - The amount of data transferred in one second.
5. NLD - National Long Distance.
6. iMPLS - International MPLS.
7. SP - Service Provider.
8. Fibre - Optical fiber cable used for data transmission. Uses light to transfer data.
9. WDM - Wavelength Division Multiplexing.
10. DWDM - Dense Wavelength Division Multiplexing.
11. VPN - Virtual Private Network.
12. Latency - The minimum time taken to get information transferred from one place to another.
13. LSR - Label Switch Routers.
14. LDP - Label Distribution Protocol.
15. LER - Label Edge Routers.
